{"id":6984,"date":"2025-06-02T16:44:50","date_gmt":"2025-06-02T14:44:50","guid":{"rendered":"https:\/\/industrialdigitaltwin.org\/en\/?post_type=specificationpapers&#038;p=6984"},"modified":"2026-04-10T15:50:26","modified_gmt":"2026-04-10T13:50:26","slug":"specification-of-the-asset-administration-shell-part-4-security-idta-number-01004","status":"publish","type":"specificationpapers","link":"https:\/\/industrialdigitaltwin.org\/en\/content-hub\/aasspecifications\/specification-of-the-asset-administration-shell-part-4-security-idta-number-01004","title":{"rendered":"Specification of the Asset Administration Shell Part 4: Security \u2013 IDTA Number: 01004"},"content":{"rendered":"\n<p>This document defines the security of the Asset Administration Shell. The interaction between authentication and authorisation is explained. The focus of the document is the Access Rule Model. ABAC (Attribute Based Access Control) is used for Access Rules.<\/p>\n\n\n\n<p>Access Rules can be defined for both registries and repositories, so that descriptors, AASs, entire submodels or even individual submodel elements can be protected. References to the AAS model, global attributes such as time or claims from a signed access token can be used as attributes. Access tokens can be provided via authentication using OAuth 2.0, OpenID Connect or from a data room.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"featured_media":7569,"parent":0,"template":"","class_list":["post-6984","specificationpapers","type-specificationpapers","status-publish","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/industrialdigitaltwin.org\/en\/wp-json\/wp\/v2\/specificationpapers\/6984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/industrialdigitaltwin.org\/en\/wp-json\/wp\/v2\/specificationpapers"}],"about":[{"href":"https:\/\/industrialdigitaltwin.org\/en\/wp-json\/wp\/v2\/types\/specificationpapers"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/industrialdigitaltwin.org\/en\/wp-json\/wp\/v2\/media\/7569"}],"wp:attachment":[{"href":"https:\/\/industrialdigitaltwin.org\/en\/wp-json\/wp\/v2\/media?parent=6984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}